Ibis, or Italian Broadcast IP Scanner, is a multithreaded broadcast scanner for Windows. Binary, source code, and documentation are included in the archive.
12b743328ce75bdb5c6a7f7d72038645pmdump.exe is a tool that dumps memory for a specified process to a file (as opposed to tools like memdump and dd which dump all of the RAM at once). It is useful for auditing things that might store passwords in memory (for example, VPN clients, email clients, and instant-messaging applications).
94c49f4cc016507e13114f00dcc62054Efuzz is an easy to use Win32 tcp/udp protocol fuzzer which finds unknown buffer overflows in local and remote services. Uses config files to define the range of malformed requests. Includes C source, released under GPL.
3c8c380489c496390c8128be757b1a5dWinBlox is a command line utility that can record, filter, and prevent file I/O operations. In record mode the WinBlox logs all I/O operation activity. A typical log record includes a date stamp, the operation type, the program name conducting the operation, and the target of I/O operation.
261e5caec167e591e3e4eb390a1d7ff8Fport v2.0 is powerful windows tool which reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications. Supports Windows NT4, Windows 2000 and Windows XP.
66c742a94e4f1f3881b0cd9d84727e4eRpcScan enumerates the RPC endpoint-map elements for port 135. You may differentiate between, for example, Windows NT 4.0 SP3 or before and Windows NT 4.0 SP4 or later, Windows 2000 SP2 or before and Windows 2000 SP3, default Windows XP and Windows XP SP1, Windows XP Home Edition and Windows XP Professional.
278d27c018954ed1629de81c5d86f632SHEdit is an offline editor for the SID History Active Directory attribute which goes around the limitation built into the DsAddSidHistory API, allowing an administrator in any domain to access any other domains in the forest as any user.
2de6403618bbcee297c5f19a2d3ef7b6NBTdeputy register a NetBIOS computer name on the network and is ready to respond to NetBT name-query requests. NBTdeputy helps to resolve IP address from NetBIOS computer name for Windows XP and .Net servers on your local network which have ports 137 and 138 open, similar to Proxy ARP.
2ea2f422d59d867df0518884886c6c69Tcpview v2.3 is a tool for Windows which shows all TCP and UDP network connections and which program has each open including listening ports, local and remote addresses, and state of TCP connections. Similar to the powerful unix tool lsof. Tested on Windows NT/2000/XP and Windows 98/Me. Also works on Win95 with Winsock update. Screenshot available here.
3c1b5907a17d041fbe63c46bd5124948LogAgent 2.1 is a tool made in Perl for recollecting log files from various applications and various machines into a central location in (almost) real-time in order to improve network activity awareness.
016665336c8dfa6a1530b9a282ed6f13ComLog.pl, a WIN32 command prompt logger - The goal of this paper is to present a new Perl tool made to monitor DOS sessions on Windows NT/2K (should also work on XP). This tool can be used by administrators to keep a history of commands typed in the DOS command prompt and the associated output, for example on an IIS server. This can help admins to figure out what an attacker has done after compromising the machine via one of the numerous vulnerabilities available.
8cd836c9e931f3e30fdfcb6512faae37PromiscDetect for Windows NT 4.0 / 2000 / XP checks if your network adapter(s) is in promiscuous mode or not (that is, in most cases, if a sniffer is running on the computer or not). Of course the attacker might be intercepting the communication between the tool and the adapter, making the result unreliable, but there are probably many more cases out there where the tool will really detect a sniffer.
117ec27602980ae13307a7c2021a5d90Windows 2000 Group Policy may be disabled by locking the policy files. Microsoft does not have sufficient plans to replace the system files to fix this problem so we developed an application that can be run on a domain to search for Group Policy files and lock them. Once the Group Policy files are locked the subsequent logins will attempt to read the Group Policy Objects but will not be able to so the Group Policies will not be propagated to the user or the machine. This can be a serious problem depending on the domain's reliance on Group Policy. More info on Windows group policy available here.
4022f61b41897cd6a81f48d1fbc4de53RegistryBrowser is a utility which demonstrates problems associated with stolen windows passwords by remotely browsing remote system registries using a specified user account. Tested on Windows NT and 2000.
6c66b0fab36597e00164f63bb3e179fcIP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out which network restrictions have been set for a particular service on a host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries totally spoofed TCP connections to the selected port of the target.
e3d49382b7b147c19cab5a1a6ef8b871IP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out which network restrictions have been set for a particular service on a host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries totally spoofed TCP connections to the selected port of the target.
d8a5b686645f405c2a28668e681587baIP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out which network restrictions have been set for a particular service on a host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries totally spoofed TCP connections to the selected port of the target.
c0fc717489cadc3baa7d04db7cf3ec31IP Restrictions Scanner (IRS) is a Windows NT/2k tool which finds out which network restrictions have been set for a particular service on a host. It combines "ARP Poisoning" and "Half-Scan" techniques and tries totally spoofed TCP connections to the selected port of the target.
af97176adef7c0d482b39ba138481247DSNS is advanced network scanner for Windows 2000. It uses fast and stealthy SYN scanning to find open ports and is able to probe the services that are running on that ports. So you can check proxies, scan for SMTP relaying hosts and more. Screenshot available here.
de4db52bd321d22cb78fdd245f7523cbScoopLM searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows 2000.
30aa1c8af128d294665fe691cdaf122aScoopLM searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows 2000.
843c8e8991f9bb17cb5b82a21112409cScoopLM searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows 2000.
6a074c77ea35b69566ebd31eb0145ad1
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed